Answered: [Security threat] tags are not sanitized in extra question field
Post date: 2020-07-01 00:44:51
Views: 169

Hey q2apro, I think you are testing the default q_view_extra($q_view); function.

The default function is still safe. But if you pull the content from the databse, it's not safe.

First, look! The script is stored in database.

database

Second, if create a function to pull that content form the datase:

public function q_item_extra($q_item)
{
$postidz = $q_item'raw']'postid'];
$extra = qa_db_read_one_value(qa_db_query_sub(
       'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
   ), true);
 
 //$extra = $q_item'extra']'content'];
 
        $this->output('My info:'.$extra);   
   
}

Here's the result:

test

I hope you'll get my point.
Please click Here to read the full story.
 
Other Top and Latest Questions:
Abercrombie shares soar 20% on Hollister growth, strong earnings beat
Alibaba shares rise as AI drives 34% cloud sales jump
Applying to jobs from Thanksgiving to New Year's isn't pointless, experts say: 'You actually have more opportunity to stand out'
Best Buy hikes sales forecast as shoppers upgrade tech, splurge on devices
Dick's Sporting Goods to shutter some Foot Locker stores to protect profits
We're buying more shares of a company that can deliver growth in a tough economy
Some of the big risks for the market in 2026, according to JPMorgan
Michael Burry's next 'Big Short': An inside look at his analysis showing AI is a bubble
TSMC stock falls as it sues former exec alleging he took trade secrets to Intel
Dan Ives’ top tech picks into year-end